PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The Nothing-to-Hide Argument – My Essay’s 10th Anniversary

Privacy Surveillance Nothing to Hide Argument

In response to government surveillance or massive data gathering, many people say that there’s nothing to worry about.  “I’ve got nothing to hide,” they declare.  “The only people who should worry are those who are doing something immoral or illegal.”

Nothing to Hide - SoloveThe nothing-to-hide argument is ubiquitous.  This is why I wrote an essay about it 10 years ago called “I’ve Got Nothing to Hide,” and Other Misunderstandings of Privacy, 44 San Diego Law Review 745 (2007).  It was a short law review piece, one that I thought would be read by only a few people.  But to my surprise, this essay really resonated with many people, and it received an unusually high number of downloads for a law review essay.  I later expanded the ideas in the essay into a book: Nothing to Hide: The False Tradeoff Between Privacy and Security  (Yale University Press 2011).

This year is the 10th anniversary of the piece.  A lot has happened between then and now.  Not too long before I wrote my essay, there were revelations of illegal NSA surveillance.  A significant percentage of the public supported the NSA surveillance, and the nothing-to-hide argument was trotted out again and again.  This was the climate in which I wrote the essay.

Later on, in 2013, Edward Snowden revealed that the NSA was engaging in extensive surveillance far beyond its legal authority.  Snowden declared: “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”  This time, there was a significantly large percentage of the public that didn’t side with the NSA but instead demanded scrutiny and accountability.

Nevertheless, the nothing-to-hide argument is far from vanquished.  There will always be a need for citizens to demand accountability and oversight of government surveillance, or else we will gradually slide into a more dystopian world.

Here are a few short excerpts from my nothing-to-hide essay:

Continue Reading

Epilogue to the St. Louis Cardinals Baseball Hacking Case

St Louis Cardinals Hacking Baseball

A while ago, I wrote about a case involving a member of the St. Louis Cardinals baseball team staff who improperly accessed a database of the Houston Astros.   There is now an epilogue to report in the case.  The individual who engaged in the illegal access — a scouting director named Chris Correa — was fired by the Cardinals, imprisoned for 46 months, and banned permanently from baseball.  The Cardinals were fined $2 million by Major League Baseball Commissioner Rob Manfred, and they must forfeit their first two picks in the draft to the Houston Astros.

According to an article about the incident in the St. Louis Post-Dispatch: “As outlined in court documents, the U.S. attorney illustrated how Correa hacked Houston’s internal database, ‘Ground Control,’ 48 times during a 2½-year period. He viewed scouting reports, private medical reviews and other proprietary information. The government argued that Correa may have sought to determine if Houston borrowed the Cardinals’ data or approach, but the information he accessed was ‘keenly focused on information that coincided with the work he was doing for the Cardinals.'”

As I wrote in my piece about the case, there are several lessons to be learned.  One lesson is that it is a myth that hacking and computer crime must be hi-tech.  Here, Correa’s hacking was nothing sophisticated — he just used another person’s password.  The person had previously worked for the Cardinals, and when he went to the Astros, he kept using the same password.  In my piece, I discussed other lessons from this incident, such as the importance of teaching people good password practices as well as teaching people that just because they have access to information doesn’t make it legal to view the information.  The Cardinals organization appears to have learned from the incident, as the “employee manual has been updated to illustrate what is illegal activity online,” and the organization is using two-factor authentication to protect its own sensitive data.  The article doesn’t say whether the Astros also stepped up their security awareness training by teaching employees not to reuse their old passwords from another team.

Continue Reading

Microsoft Just Won a Big Victory Against Government Surveillance — Why It Matters

eye

Yesterday, Microsoft won a huge case against government surveillance, a case with very important implications: In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation.

Continue Reading

Can the FBI Force Apple to Write Software to Weaken Its Software?

Privacy Awareness TrainingA dramatic legal battle is taking place that will have dramatic implications for the future of technology, privacy, security, and the extent of government power.  The FBI obtained an order from a magistrate judge to force Apple to develop software to help the FBI break into an encrypted iPhone.

Continue Reading

Without Scalia, Will There Be a 4th Amendment Revolution?

title image

The passing of Justice Antonin Scalia has brought a wave of speculation about current and future U.S. Supreme Court cases.  One area where there might be a significant impact will be the 4th Amendment, which provides the primary constitutional protection against government surveillance and information gathering.  A new justice could usher in a dramatic expansion in 4th Amendment protections against government surveillance.

Continue Reading